10.5.3  Identity Protection Program

Manual Transmittal

January 16, 2014

Purpose

(1) This transmits revised IRM section 10.5.3, Identity Protection Program

(2) This supersedes IRM 10.5.3 dated 02-27-2013.

Material Changes

(1) Restructured and renumbered the entire IRM to incorporate BMF guidance.

  • Subsection 1 contains all policy related guidance.

  • Subsection 2 contains all IMF specific guidance.

  • IPU 13U0474 issued 03-05-2013 formerly IRM 10.5.3.2.16(6)c: Caution: Clarified if IP PIN:0 than no IP PIN was issued

  • IPU 13U0494 issued 03-11-2013 Exhibit 10.5.3-5, TC 972 AC 501, Exhibit 10.5.3-11, TC 972 AC 506, and Exhibit 10.5.3-13 TC 972 AC 522 to make it clear that when inputting TC 972 the TRANS Date field will be populated with the date of the transaction being reversed. The graphic states to refer to the written guidance below.

  • IPU 13U0567 issued 03-20-2013 updating various sections of IRM 10.5.3 with revised cross-references to IRMs 21.9.2.9.1(3), IRM 21.9.2.9.1, Identity Theft Assistance Request (ITAR) - AM IPSU only, IRM 21.9.2.1, Identity Theft - General Information, IRM 21.9.2.9, Identity Theft Assistance Request (ITAR) - General Information and RM 3.13.565.1. Additionally, former IRM 10.5.3.2.7.1 added a note in the If/Then Chart, If the documentation needed is present on AMS/CIS, do NOT request the taxpayer to resubmit documents.

  • IPU 13U0670 issued 04-02-2013 former IRM 10.5.3.2.15(3), a copy of the SSA letter 2458 is acceptable. The taxpayer is not required to provide IRS the original letter. Former IRM 10.5.3.2.11.5(2), added a new submission processing IRM section to listing.

  • IPU 13U0701 issued 04-08-2013 Exhibit 10.5.3-4 updated table by removing AM as a literal for AC 501 since AM is designated for IRS identified instances of ID theft.

  • IPU 13U0711 dated 04092013 updated IP PIN replacement table beginning April 2 through November 2013

  • IPU 13U0747 issued 04-16-2013 formerly IRM 10.5.3.4, added guidance for businesses and other entities whose employees/clients PII was breached.

  • IPU 13U0760 issued 04-18-2013 formerly IRM 10.5.3.4 added taxpayers must include supporting documentation when filing Form 14039,

  • IPU 13U0885 issued 5-8-2013 formerly IRM 10.5.3.2.1.1 added new section, Addressing All Taxpayer Issues which details IRM commitment to treat the identity theft victim’s account as a whole, resolving all account issues. Formerly IRM 10.5.3.2.1.2 added new section, Assessing the Scope of the Taxpayer’s Issues which requires that upon receipt/assignment of an identity theft case, an initial cursory review must be performed to identify all taxpayer issues to provide a higher level of customer service. Formerly IRM 10.5.3.2.4.1 added new section, Multiple Function Criteria (MFC) Cases Requiring Referral to IPSU for Monitoring. Formerly IRM 10.5.3.2.4.2 added new section, Multiple Function Criteria (MFC) vs. Single Function. Formerly IRM 10.5.3.2.11.1.1 revised title to IPSU Monitoring Multiple Function Criteria (MFC) Accounts and updated the section to include the MFC process.

  • IPU 13U1067 issued 06-10-2013 formerly IRM 10.5.3.2.10.2 added clarification for reversing AC 501. Formerly IRM 10.5.3.2.12.2 added section for reversing AC 506. Formerly IRM 10.5.3.2.4 revised section title to Tracking & Reporting Identity Theft Cases from Moving Cases into Identity Theft Inventory and updated guidance to improve clarity. Formerly IRM 10.5.3.2.16.1 updated OUO.

  • IPU 13U1187 issued 07-01-2013 formerly IRM 10.5.3.2.11.1.1 editorial change to update section with guidance inadvertently removed when IPU 13U0885 was issued regarding function responsibilities when assigned Form 14027B.

  • IPU 13U1193 issued 07-03-2013 formerly IRM 10.5.3.2.5.1 added new section about applying indicators systemically.

  • IPU 13U1271 issued 07-25-2013 Exhibit 10.5.3-17 added graphic for RICS reversal of AC 524.

  • IPU 13U1468 issued 09-17-2013 Exhibit 10.5.3-6 Clarified secondary date on AC 504 input by adding an IF/Then table. Clarified Miscellaneous code SPCL2 used for Return Preparer Misconduct Cases. Exhibit 10.5.3-12 Editorial correction, added a header row. Formerly IRM 10.5.3.2.7(8) Revised to include acknowledging receipt of a police report. Formerly IRM 10.5.3.2.7.2 Removing list of acceptable documents and replacing with cross-reference to IRM 10.5.3.2.7(1) editorial change. Exhibit 10.5.3-12 Editorial correction, 508 compliance.

  • IPU 13U1523 issued 10-01-2013 formerly IRM 10.5.3.2.19 limited IPSU input of AC 504 Tax Administration Source Codes to ACCT, BOTH, INCOME and NKI. Formerly IRM 10.5.3.2.19.1 added new section on manually reversing AC 504.

  • IPU 13U1527 issued 10-01-2013 formerly IRM 10.5.3.2.11.4.1 added new section on RICS DDb filters and taxpayers seeking assistance in the TAC.

  • IPU 13U1755 issued 12–20–2013 added new IRM sections 10.5.3.2.20, Employment-related Identity Theft - TC 971 AC 525 and 10.5.3.2.20.1, Employment-related Identity Theft TC 971 AC 525 (Pilot Population).

  • Subsection 3 contains all BMF specific guidance.

  • Added BMF Exhibits 10.5.3-18 through 10.5.3-25.

Effect on Other Documents

IRM Procedural Updates (IPUs), issued between March 5, 2013 through December 20, 2013: 13U0474, 13U0494, 13U0567, 13U0670, 13U0701, 13U0711, 13U0747, 13U0760, 13U0885, 13U1067, 13U1187, 13U1193, 13U1271, 13U1468, 13U1523, 13U1755 and 13U1527,

Audience

The provisions in this manual apply to all divisions, functional units, employees, and contractors within the IRS who address identity theft related issues.

Effective Date

(01-16-2014)

Amy L. Stanton
Director, Privacy and Information Protection

10.5.3.1  (01-16-2014)
Background of the Identity Protection Program and Policy Guidance

  1. Purpose. This manual defines the mission, objectives, and governance structure of the Identity Protection Program. It provides the organizational framework for carrying out specific policies and procedures aimed at preventing identity theft, protecting taxpayers and providing assistance to victims of identity theft.

  2. Scope. The provisions in this manual apply Servicewide.

  3. Accountability. Safeguarding and preventing the unauthorized disclosure of Personally Identifiable Information (PII) is a responsibility that is shared by all IRS employees and contractors. Lost or disclosed PII may be used to perpetrate identity theft or other forms of fraud if the information falls into unauthorized hands. See IRM 10.5.3.1.1, Definitions of Key Identity Protection Terms for a definition of PII.

10.5.3.1.1  (01-16-2014)
Definitions of Key Identity Protection Terms

  1. Identity Theft- A fraud that is committed or attempted, using a person's identifying information without authority.

    Example:

    Identity Theft: In 2010, the taxpayer filed his own return and did not use a preparer. However, unbeknownst to the taxpayer, the preparer he used in 2009, filed a return using the victim’s SSN without his permission. In 2010, the taxpayer was a victim of identity theft.

    Caution:

    Do not confuse preparer misconduct with identity theft.

  2. Preparer Misconduct: Return Preparer misconduct generally involves the orchestrated preparation and filing of false income tax returns (in either paper or electronic form) by unscrupulous preparers who may claim, for example:

    • Inflated personal or business expenses;

    • False deductions;

    • Unallowable credits;

    • Excessive exemptions; or

    • Fraudulent tax credits such as the Earned Income Tax Credit (EITC).

    The preparer's clients may or may not have knowledge of the false expenses, deductions, exemptions and/or credits shown on their tax returns.

    Example:

    Preparer Misconduct: A taxpayer used a preparer in 2009 to prepare and file Form 1040. The preparer changed the return by increasing the withholding tax claimed and diverted the resulting refund into the preparer’s personal account. This is preparer misconduct, do not place an identity theft tracking indicator on the 2009 tax year.

    Note:

    Refer to your functional IRM for guidance on resolving preparer misconduct cases.

  3. Personally Identifiable Information (PII). The definition of personally identifiable information is provided by OMB 07-16. For further information about PII, see the Privacy, Governmental Liaison, Disclosure (PGLD) web page called PII - What is personally identifiable information?.

  4. Incident - Throughout this IRM, the term “incident” refers to an occurrence or event involving identity theft as it applies to a specific tax year(s) as reported by the taxpayer.

  5. For a full listing of Identity Protection terms, see Exhibit 10.5.3-1, Glossary of Identity Protection Terms and Definitions.

10.5.3.1.2  (01-16-2014)
Origins of the Identity Protection Program

  1. Federal agencies have been instructed by the Office of Management and Budget (OMB) and the Department of the Treasury to address the increasing occurrence of identity theft.

  2. The Identity Protection Program was created in response to these directives and recommendations and to ensure IRS compliance with the President's Identity Theft Task Force Report.

  3. Identity theft creates a heavy financial and emotional toll on its victims and severely burdens our economy. The IRS is focused on prevention and assistance activities including a comprehensive approach to protecting taxpayer information. The IRS will enhance efforts through three primary goals:

    • victim assistance

    • outreach

    • prevention

10.5.3.1.3  (01-16-2014)
Identity Protection Program Responsibilities

  1. Identity Protection - This office in Privacy, Governmental Liaison and Disclosure (PGLD) has the following specific responsibilities related to administering the Identity Protection Program in IRS:

    1. Building programs to reduce incidents of identity theft

    2. Defining, communicating, and assigning responsibility for the IRS' substantiated identity theft incident tracking program

    3. Raising taxpayer awareness of identity theft techniques through outreach

    4. Reducing taxpayer burden and improving service options while addressing and resolving identity theft cases

    5. Protecting Treasury revenue by identifying suspicious filings before the refunds are generated

    6. Increasing operational efficiency of the IRS by detecting and processing reported identity theft incidents as early and consistently as possible

    7. Carrying out activities as required by the Identity Theft Advisory Council, which oversees the development and execution of the Identity Protection Program

    8. Identifying emerging trends and developing appropriate strategies and responses

    9. Developing, defining, monitoring, and executing identity theft policies and procedures

    10. Participating in risk assessments on IRS business processes, where appropriate

    11. Communicating and coordinating with both internal and external stakeholders (such as the Federal Trade Commission) to ensure consistency regarding identity theft issues

    12. Determining identity theft performance measures to assess the effectiveness of the program and identity theft initiatives throughout the IRS, and making recommendations for improvement as appropriate

    13. Overseeing the maintenance, publication, and conveyance of the servicewide identity theft guidance via the Identity Protection Program Internal Revenue Manual (IRM), ensuring that the information contained remains current

    14. Conducting identity theft program reviews, which include but are not limited to:
      IRM reviews to verify procedural consistency; and
      Closed case reviews to ensure adherence to servicewide policies and procedures

    15. Evaluating new technologies and assessing benefits for use in identity theft initiatives.

    16. Developing a process, along with Criminal Investigation, to communicate identity theft schemes and tactics used by perpetrators.

  2. The Identity Protection Office supports servicewide efforts to recognize and resolve identity theft issues while striving to provide a uniform and consistent approach to victim assistance. This includes internal outreach to all Business Operating Divisions to ensure the established policies are implemented and supported servicewide.

10.5.3.1.3.1  (01-16-2014)
Identity Protection Program Servicewide Identity Theft Guidance

  1. Identity theft occurs when someone uses an individual’s personal information, such as name, Social Security Number (SSN), or other identifying information without permission, to commit fraud or other crimes. Taxpayers may notify the IRS when they believe they have experienced an identity theft incident. In these instances, taxpayers must provide documentation to establish that they are identity theft victims.

  2. Identity theft often leaves its victims feeling helpless and distraught. Service employees should exercise empathy in dealing with victims. See IRM 10.5.3.1.3.5, Taxpayer Interaction. Additionally, the Taxpayer Bill of Rights II (TBOR 2), grants all taxpayers important rights. See Pub 1, Your Rights as a Taxpayer.

  3. Identity theft cases will be prioritized and worked expeditiously.

  4. Identity theft can affect tax administration in two primary ways:

    • Employment or Income Related - This occurs when the identity thief uses the victim’s SSN to obtain employment, resulting in what may appear as unreported income under the victim's account.

    • Refund Related - This occurs when the identity thief uses the victim’s SSN to file a false federal income tax return to obtain funds. If the thief files before the victim, the victim may not receive his or her refund within a reasonable time frame.

10.5.3.1.3.2  (01-16-2014)
IRS Employees Who May be Victims of Identity theft

  1. Non-Tax Related Identity Theft - If you think you might be at risk of identity theft due to a lost or stolen purse or wallet, questionable credit card activity or credit report, you should contact the IRS Identity Protection Specialized Unit to take steps to secure your account.

    • You can call IPSU toll-free at 800-908-4490, Mon. – Fri., 7 a.m. -7 p.m. local time (Pacific Time for Alaska and Hawaii). You will need to fill out an 'IRS Identity Theft Affidavit', Form 14039.

      Note:

      Please be sure to write legibly and follow the instructions on the back of the form.

    Note:

    For additional information on non-tax related identity theft, see IRM 21.9.2.3.1, Self Identified - Non-Tax-Related Identity Theft.

  2. Tax Related Identity Theft -

    • If you think someone is using your information to file false tax returns, you should contact the IPSU toll-free number and your local Treasury Inspector General for Tax Administration (TIGTA) office immediately, in person or by phone at 800-366-4484.

    • If you receive an IRS notice that makes you think you have become a victim of tax-related identity theft, you should call the number on the notice as soon as possible.

    • If you believe someone is using your information to impersonate an IRS employee, or if you suspect an IRS employee may be involved in your identity theft, you should contact TIGTA immediately.

10.5.3.1.3.3  (01-16-2014)
Assessing the Scope of the Taxpayer’s Issues

  1. Taxpayers may initially come to IRS regarding a current year refund. Some taxpayers may not be aware that other tax modules have also been affected by identity theft.

  2. Upon receipt/assignment of an identity theft case, an initial cursory review must be performed to identify all taxpayers and all taxpayer issues. Identifying issues at the beginning of the case provides a higher level of customer service and reduces the potential for problems to go unresolved.
    For IMF Cases refer to:

    • IRM 21.6.2.4.2.3, Preliminary Research

    • IRM 4.19.13.25.8, Complete Case Analysis


    For BMF Cases refer to:

    • IRM 10.5.3.3., BMF Identity Theft Procedures

    .

  3. Special attention should be given to cases that by their nature indicate a high potential for multiple year involvement. Although the following examples are not all inclusive, taxpayers who do not have a filing requirement are more susceptible to being targeted. This includes elderly, disabled and/or underage.

    Example:

    A taxpayer’s only income is SSI. A proposed reduction in SSI benefits due to an IRS levy has prompted the taxpayer to contact IRS and file a Form 14039 indicating his SSI was levied for a 2010 tax liability. Furthermore, the taxpayer states that they are permanently disabled and have not worked since 2007. Account review indicates returns filed for 2009, 2010, 2011, and 2012.

    Example:

    A duplicate filing condition involves one return showing low wages, a filing status of single, and no dependents claimed. The other return shows a filing status of MFJ with dependents claimed. Our records show that the taxpayer is 17 years old. While it is possible for a 17 year old to file a MFJ return claiming dependents, the very nature of this case should cause the employee working the case to look at prior years. In our example, the prior years show the MFJ couple has been filing for years under the SSN. Refer to your relevant operational IRM(s) for the appropriate action to be taken on the prior years.

    Note:

    It is understood that multiple year involvement may not surface until a later phase in the processing of the case.

10.5.3.1.3.4  (01-16-2014)
Addressing All Taxpayer Issues

  1. IRS is committed to providing taxpayers who have experienced identity theft with an additional level of sensitivity and understanding. From the taxpayer’s perspective, his/her account encompasses all his/her tax returns.

  2. Employees assigned an identity theft case will treat the identity theft victim’s account as a whole, resolving all account issues.

  3. When identity theft issues involve multiple tax years that require corrective actions by multiple functions, every effort must be made to ensure all issues are addressed and resolved. For IMF account issues involving multiple functions, refer to IRM 10.5.3.2.10.1.1, IPSU Monitoring Multiple Function Criteria (MFC) Accounts.

  4. When identity theft issues involve multiple tax years or multiple taxpayers that may or may not be assigned or active (for example, “active” referring to a tax year with a balance due), every effort must still be made to ensure all issues are addressed and resolved.

10.5.3.1.3.5  (01-16-2014)
Taxpayer Interaction

  1. All taxpayers desire and expect courteous service. Taxpayers who have experienced identity theft are already victims, either emotionally or financially. IRS employees need to be aware of that impact and handle the contact with an additional level of sensitivity and understanding.

  2. Victims can suffer far more than the loss of their money or ruin of their credit. Loss of employment and inability to obtain housing are just a few examples of how identity theft can threaten a victim’s basic needs.

  3. In addition to providing the taxpayer with courteous service, you should educate the taxpayer as to how to protect themselves and where to find additional information:

    • Contact the Federal Trade Commission (FTC) Identity Theft Hotline;

    • Contact the Social Security Administration (SSA);

    • File a report with their local or state police;

    • Contact their state Attorney General's office;

    • Contact one of the three major credit bureaus: Equifax, Experian, or TransUnion;

    • File Form 14039, Identity Theft Affidavit with the IRS;

    • Review Publication 4535, Identity Theft Prevention and Victim Assistance; and

    • Review the IRS website.


    For additional information see IRM 21.9.2.3, Identity Theft - Telephone Overview.

  4. Taxpayers meeting Taxpayer Advocate Service (TAS) Criteria 1-4 (economic burden), will be referred to the TAS, see IRM 13.1.7.2, TAS Case Criteria.

    Caution:

    If IRS can provide relief or take a substantive action towards providing relief within 24 hours, do not send the case to TAS.


    Generally, IRS will refer TAS Criteria 5-7 cases to IPSU for resolution. Refer to IRM 21.9.2.9, Identity Theft Assistance Request (ITAR) - General Information, for the IPSU criteria.

10.5.3.1.4  (01-16-2014)
IRS/PGLD Initiatives

  1. The IRS established and expanded initiatives to address identity theft in tax administration which includes:

    • The Technical Working Group for Identity Theft Victim Assistance (TWG);

    • The Identity Theft Advisory Council; and

    • Identity Theft Training

10.5.3.1.4.1  (01-16-2014)
Technical Working Group for Identity Theft Victim Assistance

  1. The Technical Working Group for Identity Theft Victim Assistance (TWG) is a cross-functional group that discusses unique identity theft cases where the taxpayer has been unduly burdened. The TWG was established through a collaborative effort with TAS, and is facilitated by the Identity Protection Program.

  2. The overall purpose of the TWG is to provide a forum for developing recommendations on how processes and procedures can be improved to address and reduce the burden on taxpayers who are victims of identity theft. The TWG's responsibilities include:

    1. Providing a medium for cross-functional discussion and data gathering on identity theft issues

    2. Analyzing identity theft cases where the victim has been significantly burdened

    3. Determining if there are existing procedures to address key issues

    4. Discussing ideas on how related procedures can be developed and/or improved

    5. Developing recommendations for process improvements

  3. The TWG meets periodically and is comprised of representatives and subject matter experts from the various business units and functions. During the meetings, TWG participants discuss a taxpayer identity theft case and provide analysis and function-specific insight regarding existing processes and procedures pertaining to the case and taxpayer treatment. Through this discussion, the group suggests ideas to improve existing procedures and/or provides recommendations for procedures that may need to be developed.

  4. The TWG provides a forum for discussing systemic and procedural issues and developing recommendations and solutions on how processes and procedures can be improved to reduce taxpayer burden with regard to issues of identity theft. The function of the TWG is NOT to address specific taxpayer related identity theft issues, but rather to deal with systemic/procedural issues.

  5. The TWG encourages functions to submit systemic and procedural issues of identity theft that cannot be resolved at the functional level, to the TWG. Issues identified by functions will first follow the issue escalation process of their respective organization. If an issue cannot be resolved through the functional channels, but meets the systemic/procedural issue criteria shown in IRM 10.5.3.1.4.1 (6) and (7) below, the functional liaison to the TWG will document the issue using the Issue Submission Template. The functional liaison will E-mail the completed Issue Submission Template to the following E-mail address: PIPDS.IPIM.TWG@irs.gov. Refer to the Identity Theft website link TWG Issue Submission Template for the template to be used for this purpose.

  6. An Identity Protection staff member will monitor the issue submission mailbox regularly. The Monday before the TWG meeting (meetings held monthly), an Identity Protection staff member will review and select an issue to be presented to the TWG. As part of the issue review process, the Identity Protection staff member will review the form and may follow up with the submitter for additional clarification. The selected issue will be added to the agenda and will be discussed during the TWG meeting. The TWG will attempt to resolve the issue and submit the procedural changes via a SERP alert, interim guidance, and/or IRM changes.

  7. Guidelines for Selecting Systemic Issues to be Addressed by the TWG - The TWG provides a forum for discussing systemic issues and developing recommendations on how processes and procedures can be improved to reduce taxpayer burden. A systemic issue can be defined as an issue that meets any of the following criteria:

    1. Can be expected to affect multiple taxpayers.

    2. Is not a problem specific to an individual taxpayer.

    3. Affects segments of the taxpayer population, locally, regionally or nationally.

    4. Relates to IRS systems, policies, and procedures.

    5. Requires study, analysis, administrative changes or legislative remedies.

    6. Involves protecting taxpayer rights, reducing or preventing taxpayer burden, ensuring equitable treatment of taxpayers or providing essential services to taxpayers.

  8. The TWG is focused on the issue of identity theft, therefore all systemic issues should be specifically related to incidents of identity theft. Identity theft is defined as an incident where someone uses another individual's personal information such as name, Social Security Number (SSN), or other identifying information, without permission, to commit fraud or deception. Each issue should meet one or more of the following criteria.

    1. A procedural gap has been identified where no IRM exists.

    2. More than one IRM exists, and the guidance is not consistent, causing disparate treatment from one case to another

    3. A procedural gap has been identified in a single BOD; however other BODs may be impacted

    4. A procedural gap has been identified in a single BOD, and the SME would like the TWG to review the issue and provide feedback

    5. A technical issue has been identified that is likely to impact multiple cases and should be addressed on a systemic level

    6. An issue requires expedited resolution; may be in response to an external inquiry to a prior case

10.5.3.1.4.2  (01-16-2014)
The Identity Theft Advisory Council

  1. The Identity Theft Advisory Council (IDTAC) is part of a two-tiered governance process to address Servicewide identity theft efforts.

  2. Sharing identity theft related information is the major role of the Council. This ensures all participants are equally informed regarding issues, trends, and identity theft initiatives. The IDTAC will make decisions about how to move forward on current and new initiatives and advise the Identity Theft Executive Steering Committee (IDTESC) on initiatives requiring their action or decision.

  3. The advisory role to the IDTESC includes, but is not limited to, the following:

    • Foster development of additional tools to further reduce taxpayer burden, protect Treasury revenue, and increase processing efficiencies;

    • Coordinate issues with business functions to assist with decision-making, such as ensuring risks and interdependencies are properly managed;

    • Monitor and report on emerging issues impacting identity theft;

    • Monitor and report on IDT inventory trends and metrics, assess business performance and recommend strategies for addressing performance; and

    • Elevate unresolved disputes to the IDTESC.

10.5.3.1.4.3  (01-16-2014)
Awareness Training and Education

  1. The Identity Protection Program shall institute measures to inform IRS personnel of their responsibilities for protecting taxpayers and employees against the loss, disclosure, or theft of their PII.

  2. The Identity Protection Program also supports the annual Information Protection and Disclosure Mandatory Briefing managed by the Office of Privacy, which provides information regarding identity protection.

10.5.3.1.4.4  (01-16-2014)
Business Entities Whose Employee or Clients PII was Breached

  1. Businesses, hospitals, doctor’s offices, etc., may contact IRS when their employee or client PII has been breached. If you are contacted by one of these entities, and they are seeking guidance for their employees/clients, the following actions/precautions should be recommended.
    Recommend the breached entity contact each of the affected individuals/clients/employees whose data was breached to take the following precautions

    • Contact the Federal Trade Commission (FTC) Identity Theft Hotline, the Social Security Administration (SSA); and one of the three major credit bureaus: Equifax, Experian, or TransUnion; and

    • File Form 14039, Identity Theft Affidavit, and the required supporting documentation with the IRS. Refer to IRM 10.5.3.2.6 , Overview - Identity Theft Supporting Documentation for additional information,

    Note:

    The affected individuals will need to file Form 14039 to have their account protected. IRS does not accept Form 14039 from unauthorized third parties.

  2. For additional information on identity theft guidance, refer to IRM 21.9.2.3, Identity Theft -Telephone Overview.

10.5.3.2  (01-16-2014)
IMF identity Theft Procedures

  1. This subsection of IRM 10.5.3 is specific to resolving Individual Masterfile (IMF) accounts.

10.5.3.2.1  (01-16-2014)
IMF- Identity Theft Research

  1. Research should be performed and documented prior to reaching a final determination of identity theft. Research using Command Codes (CC) ENMOD, IMFOL, RTVUE, NAMES, INOLE, DUPOL, FFINQ, REINF, and IRPTR.

    Caution:

    Consult your functional IRM for research requirements when resolving identity theft cases as the following list is not all inclusive.

    1. Research the TIN (valid and invalid) to determine if there was a mixed entity or scrambled case in prior years, and to locate any possible cross-reference TIN.

      Note:

      Research Real-Time System (RTS) in addition to IDRS research of CCs for Individual Tax Identification Numbers (ITIN). See IRM 3.21.263.8.1.2, Accessing and Logging onto ITIN RTS and IRM 3.21.263.8.4, Researching the ITIN RTS.

      Caution:

      See IRM 21.6.2, Adjusting TIN-Related Problems for additional information.

    2. Review all returns for the year(s) involved (including returns filed at other sites AND electronic filed returns). When applicable, utilize SCFTR Service Center Control File (SCCF) as a part of your research. For ITIN cases, use EUP/RTS to locate DLNs to request any relevant original Form W-7 application documents.

      Note:

      Prior to ordering returns from files, hard copy MFTRA prints, and NUMIDENT use CC RTVUE, TRDBV etc. to case build. Unnecessary ordering of returns, MFTRAs and NUMIDENTs may delay case resolution.

    3. Search returns, schedules, and forms for a different TIN. Research spouse and dependent information whenever available.

    4. Compare all documents and return information for:
      •Name
      •Social Security Number
      •Address
      •Occupation
      •Exemptions
      •Signatures (except for e-filed returns when a signature is unavailable)
      •Similar tax data
      •Forms W-2, etc.
      •Marital status changes
      •Tax preparer

    5. If you cannot locate a valid TIN for each taxpayer, and the common number (the taxpayer identification number used by the victim and the perpetrator) is an SSN, request MFTRA, type U, to obtain NUMIDENT information.

    6. Search returns and entity modules for indications of identity theft such as identity theft documentation attached to the return or a previously posted TC 971 with Action Code (AC) 501 or TC 971 with Action Code 522.

    Caution:

    Inadequate authentication of the identity of a caller could result in an unauthorized disclosure of return or return information. Refer to IRM 21.1.3.2.3, Required Taxpayer Authentication and IRM 21.1.3.2.4, Additional Taxpayer Authentication.

10.5.3.2.2  (01-16-2014)
Tracking and Reporting Identity Theft Cases - IMF

  1. The first step to tracking and reporting identity theft incidents is through the use of Identity Theft Tracking Indicators. Identity theft can be tax related or non-tax related. Identity theft cases can be found in virtually any BOD/Function inventory.

  2. In situations where the taxpayer makes an allegation of identity theft or when the IRS initially suspects that identity theft may have occurred, IRS functions will apply an identity theft indicator. The identity theft tracking indicator alerts others that a claim of identity theft has been reported. Refer to IRM 10.5.3.2.5, Initial Allegation or Suspicion of Identity Theft - Identity Theft Indicators for additional information regarding the appropriate tracking indicator.

    Note:

    The application of the TC 971 AC 522 PNDCLM does not always equate to an inventory point of count. Refer to your functional IRM regarding the process of inventory management for ID Theft cases.

  3. In most instances, for taxpayer initiated claims of identity theft, the case MUST be moved into identity theft inventory if:

    1. The taxpayer has verbally stated he/she is a victim of identity theft and there is an open control; or

    2. The taxpayer has provided documents to support a verbal claim of identity theft where there were previously no open controls.
      This provides victims with a treatment stream for case resolution specific to identity theft. Refer to IRM 10.5.3.2.6, Overview – Identity Theft Supporting Documentation.

      Note:

      Follow your normal functional IRM guidance for case assignment/referral.

10.5.3.2.3  (01-16-2014)
Multiple Function Criteria (MFC) Cases Requiring Referral to IPSU for Monitoring - IMF

  1. The IRS will monitor taxpayer accounts through resolution when a taxpayer’s account requires corrective actions by more than one function. Multiple Function Criteria (MFC) is defined as an identity theft case requiring resolution across functions. The term “multiple function” as applied to this process means a case that is located in more than one of the following defined functions:

    • Accounts Management - Open controls in Refund Inquiry and Statutes would be considered a “single function” because both programs reside under the Accounts Management umbrella;

    • Compliance - Open controls in AUR and Exam would be considered a single function because both programs reside under the Compliance umbrella. Refer to the note below regarding Compliance functions;

    • Return Integrity and Correspondence Services (RICS);

    • Field Assistance (FA);

    • Large Business & International (LB&I);

    • Appeals; and

    • Submission Processing (SP)

    Note:

    Compliance Functions include Automated Underreported (AUR), Automated Substitute for Return (ASFR), Campus Exam, Field Exam, Automated Collection System (ACS), Automated Collection System Support (ACSS), Compliance Services Collection Operations (CSCO), and Field Collection regardless of BOD. When multiple compliance functions are involved, the case will be resolved by the function with the earlier control.

  2. As directed by IRM 10.5.3.1.3.4, Assessing the Scope of the Taxpayer’s Issues, upon receipt of an identity theft case, employees will review the account to determine if MFC issues exist.

    Example:

    The employee assigned a TY 2010 ASFR involving an identity theft claim reviews the taxpayer’s account and finds that for the 2012 tax year, AM is working a duplicate filing case. Because of the open duplicate filing case and the ASFR case, this identity theft case has met the Multiple Function Criteria (MFC) and requires resolution of the issues by more than one function. (Accounts Management and Compliance). Each function will be responsible to resolve their taxpayer’s issues. IPSU would monitor this case through complete case resolution.

    Note:

    W&I IPSU employees will follow IRM 21.9.2.3.3, Tax-Related Identity Theft (IPSU Toll-Free line CSRs only).

    IF THEN
    A taxpayer’s case resolution meets MFC (more than one function must take corrective action complete case resolution)
    • Complete Form 14027A and fax to ICT at 855-807-5720 within 30 days of receipt. Include a copy of Form 14039 and supporting documents, if applicable.

    • If Form 14039 was received, acknowledge receipt per IRM 10.5.3.2.6, Overview - Identity Theft Supporting Documentation within 30 days.

    A taxpayer’s case resolution does NOT meet MFC Continue with case resolution using your IRM procedures.

  3. In situations where IPSU receives a Form 14027A monitoring request and the account does not meet MFC, IPSU will reject the Form 14027A within two (2) business days of the referral being rejected. Refer to IRM 21.9.2.4.2, Tax-Related Identity Theft - (Andover and Fresno IPSU only).

10.5.3.2.3.1  (01-16-2014)
Multiple Function Criteria (MFC) vs. Single Function

  1. Multiple cases residing in one function will not be monitored by IPSU. The function assigned will take all actions required to resolve the taxpayer’s issues and act as the Point of Contact through resolution of the single IDT issue. The taxpayer may experience identity theft problems in one or more of his/her accounts/tax years but if Multiple Function Criteria (MFC) as described in IRM 10.5.3.2.3, Multiple Function Criteria (MFC) Cases Requiring Referral to IPSU for Monitoring is not met because issue resolution resides in a single function, do not refer the case to IPSU for monitoring.

    Multiple Issue Located in This occurs when all taxpayer issues are located only in one Function….
    Accounts Management (AM) One AM employee is working a TY 2011 identity theft case. A second AM employee is assigned a TY2012 Duplicate filing case. The employee with the earliest received date will take ownership of both years and act as the single point of contact for the taxpayer. Because both employees reside in AM, IPSU will not monitor this case.
    IRM references for AM:
    • IRM 21.2.2.4.2, IDRS Case Controls

    • IRM 21.6.2.4.2.1, IDRS Case Controls

    Compliance This occurs when all taxpayer’s issues are located only in Compliance Functions. For example: TY 2009 is open in AUR while TY 2008 is open in exam.
    IRM references for Compliance:
    • IRM 5.19.6.26.3.1, Cases Meeting ACSS Criteria with Multiple Functional Involvements.

    • IRM 4.19.13.25.3.2, Multiple Function Controls

    Note:

    Compliance functions include AUR, ASFR, Campus Exam, Field Exam, ACS, ACSS, CSCO, and Field collection regardless of BOD.

    Note:

    Compliance employees will complete the "Complete Account Analysis" procedures on all cases as required in the functional IRMs.

10.5.3.2.4  (01-16-2014)
IMF Identity Theft Tracking Indicators

  1. The Identity Protection Program developed identity theft indicator codes to track identity theft incidents. Each indicator is input as a Transaction Code (TC) 971 with Action Code (AC) and is displayed on Integrated Data Retrieval System (IDRS) via command codes ENMOD or IMFOL with definer "E" of the affected taxpayer's account. For accounts not available on IDRS, command code IMFOLE will display the identity theft tracking indicators.

  2. Identity theft tracking indicators are used to mark both tax-related and non-tax related incidents of identity theft and they help us to identify open and closed cases. While some action codes are used to track the progression of inventory (522) others provide taxpayer protections (501 and 506) once the tax related identity theft issue is resolved.

  3. In January 2012, PGLD expanded the use of identity theft markers to facilitate Servicewide tracking and reporting of identity theft incidents. These indicators, or markers, capture identity theft inventory from the initial taxpayer allegation to account resolution. Each indicator is input as a Transaction Code (TC) 971 with an Action Code (AC) and Tax Administration Source Code.

  4. The AC and Tax Administration Source Code is dependent upon the facts and circumstances of the case.

10.5.3.2.4.1  (01-16-2014)
Mass Input of Identity Theft Tracking Indicators

  1. Identity theft tracking indicators are used to mark both tax-related and non-tax related incidents of identity theft. The indicators help IRS in identifying open and closed cases. Generally, indicators are input to taxpayer accounts using IDRS. However, under certain conditions, the service may consider marking many accounts with specific identity theft indicators at one time by posting the indicator directly to masterfile.

  2. Functions considering this path for marking accounts MUST first contact PGLD Technical Staff via E-mail for PGLD concurrence. The E-mail must contain the following:

    • A detailed explanation of why the indicator is being used to mass flag accounts.

    • The number of accounts being marked with an identity theft indicator.

    • The method by which taxpayers will be notified that an indicator was placed on their account and an example of that notification letter or notice.

    • A draft of the function’s IRM guidance, IPU, or SERP alert detailing the marking of the accounts and the date the guidance will be available.

    • An agreement with the unpostable functions that will resolve subsequent unpostable conditions resulting from the mass indicator inputs.


    The E-mail will be directed to the following mailbox:PGLD at PIPDS.IPP@IRS.GOV

  3. Any efforts to post identity theft indicators directly to masterfile MUST use the formats established in IRM 10.5.3-4 through 10.5.3-17. Not following the specifications for input will negatively affect the ability to reverse or take corrective actions. Failure to adhere to established formats will impede or prevent the business rules tied to the indicators from functioning as intended.

10.5.3.2.5  (01-16-2014)
Initial Allegation or Suspicion of Tax-Related identity Theft - Identity Theft Indicators

  1. An initial allegation or suspicion of identity theft can be recognized by either the taxpayer or the service. PGLD developed tracking indicators to mark taxpayer accounts when the identity theft incident is initially alleged or suspected.

  2. Two Tax Administration Source codes were developed to track cases as they are initially identified:

    1. TC 971 AC 522 PNDCLM - for taxpayer initiated allegations of identity theft.

      Note:

      For identity theft cases initiated as TC 971 AC 522 PNDCLM, the identity theft issue will be closed with a corresponding TC 971 AC 501 reflecting the same tax year, provided the taxpayer submitted supporting documentation.

    2. TC 971 AC 522 IRSID - for IRS initiated suspicions of identity theft.

      Note:

      For identity theft cases initiated as TC 971 AC 522 IRSID, the identity theft issue will be closed with a corresponding TC 971 AC 506 reflecting the same tax year, as applicable.

    Reminder:

    TC 971 AC 522 does not provide taxpayer protections or prevent future occurrences of identity theft. This code is used to identify potential identity theft cases.

  3. Prior to marking an account with TC 971 AC 522 PNDCLM, IRSID, or NODCRQ research ENMOD/IMFOLE to ensure the account has not already been marked for the same tax year/incident. If the coding already exists and the issue has not been resolved, do not input a second code for the same tax year/incident.

    Note:

    ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡

  4. Do not apply the AC 522 PNDCLM or IRSID to the SSN of a taxpayer when an ITIN taxpayer reports the misuse of the SSN. See IRM 10.5.3.2.9 (1) (d) Note, Closing Taxpayer Initiated Identity Theft Affecting Tax Administration - TC 971 AC 501, Documentation Provided.

    Example:

    In the course of performing an audit, the employee identifies an ITIN taxpayer has been working under the SSN belonging to another individual. The SSN owner is unaware of the misuse of his SSN. Do not apply the AC 522 to the commonly used SSN.

10.5.3.2.5.1  (01-16-2014)
Taxpayer Initiated Allegations of Identity Theft - Pending Claim Identity Theft TC 971 AC 522 PNDCLM

  1. In situations where the taxpayer or the taxpayer's authorized representative as defined in IRM 21.3.7.5, Form 2848, Power of Attorney and Declaration of Representative, and Form 8821, Taxpayer Information Authorization Overview, makes an allegation of identity theft, employees will mark the taxpayer's account using Command Code (CC) REQ77 initiated from ENMOD to input a TC 971 AC 522 reflecting Tax Administration Source Code PNDCLM, and the tax year of the identity theft incident. See Exhibit 10.5.3–12, for additional information.

    Example:

    Taxpayer calls the IRS on March 13, 2011, regarding a CP 2000 notice for 2009. He states he did not earn the income reported nor did he reside in the state in which the income was earned. He suspects he may be a victim of identity theft. He has not experienced a previous identity theft issue. He is concerned that someone may be using his SSN without his permission for employment purposes. The Customer Service Representative (CSR) will input a TC 971 AC 522 PNDCLM initiating an identity theft case for the 2009 tax year.

  2. When a taxpayer asserts identity theft, request the taxpayer provide identity theft supporting documentation. See IRM 10.5.3.2.6,Overview - Identity Theft Supporting Documentation.

    Caution:

    When a taxpayer files a return with identity theft documentation attached, Submission Processing (SP) Code and Edit employees will edit an SPC 8 on the paper return. The SPC 8 is transcribed and generates a TC 971 AC 522 WI SP PNDCLM. Beginning in 2014, the SPC 8 will generate an acknowledgement letter advising the taxpayer that the Service received his/her documents. The TC 971 AC 522 input to reflect complete and legible documents were received is not input until the documents have been reviewed by the assigned function. refer to IRM 10.5.3.2.6, Overview - Identity Theft Supporting Documentation

  3. There will be only one TC 971 AC 522 PNDCLM per tax year, per reported incident.

    Example:

    Taxpayer calls IRS on May 15, 2011, claiming to be a victim of identity theft for a 2008 audit assessment. The Customer Service Representative (CSR) requests the taxpayer respond to examination with identity theft supporting documentation and applies the TC 971 522 PNDCLM to the 2008 account. On September 12, 2011, the taxpayer calls IRS claiming to be a victim of identity theft for the same 2008 audit assessment. The CSR reviews the account and finds there is no open IDRS controls and there is an un-reversed 522 PNDCLM. The CSR will follow IRM procedures for resolving the call. The CSR will not input another 522 PNDCLM as one is already present on the entity.

  4. If the account reflects a TC 971 AC 522 PNDCLM for a specific tax year that has been reversed (TC 972) and the taxpayer is reporting an identity theft for the same tax year, a second TC 971 AC 522 PNDCLM may be appropriate.

    Example:

    A taxpayer alleging identity theft contacted IRS on February 2, 2012 regarding tax year 2009. The employee requested supporting documentation from the taxpayer. On May 1, 2012, the employee input a TC 972 AC 522 NORPLY as the taxpayer did not provide the documentation requested. On June 3, 2012, the taxpayer provided the requested documents. The employee input a new TC 971 AC 522 PNDCLM and a TC 971 AC 522 to reflect receipt of documentation.

  5. If ENMOD reflects an unreversed TC 971 AC 501 and the taxpayer is reporting identity theft in a subsequent tax year, a TC 971 AC 522 NODCRQ is appropriate. See IRM 10.5.3.2.6.4, Marking Taxpayer Accounts When Identity Theft Supporting Documents Are NOT Required (NODCRQ) -TC 971 AC 522 NODCRQ.

  6. If, at the time of case closure you find the Entity module has not been flagged with a TC 971 AC 522 PNDCLM, do not input this code at closing. Close the identity theft issue with TC 971 AC 50X, as appropriate.

10.5.3.2.5.2  (01-16-2014)
IRS Initiated Suspicion of Identity Theft - TC 971 AC 522 IRSID

  1. In situations where the IRS suspects identity theft may have occurred, employees will mark accounts, using Command Code (CC) REQ77 initiated from ENMOD to input a TC 971 AC 522 reflecting a Tax Administration Source Code IRSID, and the tax year of the identity theft incident. See IRM Exhibit 10.5.3 -12, TC 971 AC 522 Tax-Related Identity Theft, Case Status (Initial Claim/Suspicion and Supporting Documents), for additional information.

  2. The TC 971 AC 522 IRSID will be applied at the time you suspect ID theft may have occurred.

    Note:

    If there is already a TC 971 AC 522 IRSID, NODCRQ or PNDCLM for the same tax year, do NOT input TC 971 AC 522 IRSID.

  3. There will be only one TC 971 AC 522 IRSID per tax year, per reported incident.

    Example:

    Accounts Management, while working a duplicate filing condition for the 2010 tax year, suspects an identity theft incident may have occurred. The TC 976 return appears to have been filed by the SSN owner at the address of record for many years. The TC 150 reflects income not supported by IRPTR, suspicious dependents and a different address from prior year filings. The CSR will input a TC 971 AC 522 IRSID initiating an identity theft case and follow IRM procedures to resolve their case.

  4. PGLD considers an account with a TC 971 AC 522 IRSID and no subsequent TC 971 AC 506 (indicating a completely resolved account) an open identity theft case. Subsequently, if the case is deemed NOT to be identity theft, see IRM 10.5.3.2.7, Reversing Pending Identity Theft Claims - TC 972 AC 522 NORPLY or NOIDT.

  5. If, at the time of case closure you find the Entity module has not been flagged with a TC 971 AC 522 IRSID, do not input this code at closing. Close the identity theft issue with TC 971 AC 50X, as appropriate

10.5.3.2.5.3  (01-16-2014)
Identity Theft Case Building

  1. Generally, employees will use internal resources to research taxpayer accounts. Internal research includes, but is not limited to, use of Command Code IRPTR, past filing history, entity research, etc. See IRM 21.6.2.3, TIN-Related Problems Research, IRM 21.6.2.4.2, Multiple Individuals Using the Same TIN, and IRM 21.6.2.4.2.3, Preliminary Research for additional information about determining SSN ownership.

  2. If a determination of SSN ownership can not be made using internal research, the employee assigned may request the taxpayer provide identity theft supporting documentation. See IRM 10.5.3.2.6, Overview - Identity Theft Supporting Documentation. The employee will follow their functional IRM procedures established for requesting taxpayer information.

  3. In situations where you do not have the authority to work the case to resolution, follow your IRM procedures to refer the case to the appropriate function. For example, a CSR will follow their IRM 21.6.2.4.2.1, Telephone Inquiries Regarding MXEN, IDT1, IDT3, IDT8, IDT9 and Scrambled Cases and prepare a Form 4442 to refer taxpayer inquiries regarding mixed entity, identity theft, and Scrambled SSN cases.

10.5.3.2.6  (01-16-2014)
Overview - Identity Theft Supporting Documentation

  1. Taxpayers will notify the IRS when they believe they may have experienced an identity theft incident. In these instances, taxpayers alleging to be victims of identity theft will be required to provide documentation to substantiate identity theft incidents as detailed below:

    Note:

    In situations where the taxpayer initially asserts identity theft and provides supporting documents at the same time, mark the account with both a TC 971 AC 522 Tax Administration Source Code “PNDCLM” and a second TC 971 AC 522 reflecting documentation using the appropriate Tax Administration Source Code.

    1. Authentication of Identity - a copy of a valid U.S. federal or state government issued form of identification (examples include a driver’s license, state identification card, social security card, or passport).

      Note:

      IRS no longer accepts Puerto Rican birth certificates issued before July 1, 2010, due to new laws by the Government of Puerto Rico. Taxpayers with birth certificates issued before this date must get new documentation from the Puerto Rico Vital Statistics Record Office.

    2. Evidence of Identity Theft - a copy of a police report or Form 14039, IRS Identity Theft Affidavit.

      Note:

      The IRS affidavit, Form 14039, is accepted from taxpayers in support of an allegation of identity theft. This form collects only the information necessary for taxpayers to attest to the IRS that they either have experienced or are at risk of harm from identity theft. IRS only accepts the IRS affidavit or a police report for substantiation purposes. The IRS affidavit is also available in Spanish, Form 14039 SP.

      Note:

      When taxpayers contact the IRS indicating they have lost their wallet, experienced suspicious activity on their credit report, or have a tax related issue, IRS employees should direct them to complete Form 14039. As a reminder, this is not necessary if they have already obtained a police report. The police report is a valid form of identity theft substantiation. Taxpayers who submit police reports should not be directed to complete an IRS affidavit. Requirements for proof of identity (in addition to documentation substantiating identity theft) remain the same.

  2. Form 14039 is used to report both tax-related and non-tax related identity theft issues. The Form 14039 can be filed by either mail or fax following the instructions provided on the second page of the Form 14039.

    IF the taxpayer alleges identity theft and THEN
    The taxpayer was unable to file his/her return electronically because the primary and/or secondary SSN was misused Advise the taxpayer to attach Form 14039 and documentation to the back of his/her paper return and submit all to the IRS location where he/she normally files.
    The taxpayer already filed a paper return Advise the taxpayer to submit the Form 14039 and documentation to the IRS location where he/she normally files.
    The taxpayer is responding to a letter or notice he/she received Advise the taxpayer to submit Form 14039 and documentation with a copy of the notice or letter to the address contained in the notice or letter.
    Does not have a tax related issue Advise the taxpayer to mail the Form and documentation to
    Internal Revenue Service
    PO. Box 9039
    Andover, MA 01810-0939
    Or fax the Form to (855) 807-5720.

    Note:

    See IRM 10.5.3.2.6.2, Complete and Legible Documents for additional information.

  3. If taxpayers do not provide supporting documentation when requested, proceed with case resolution assuming the taxpayer is not an identity theft victim. See IRM 10.5.3.2.7, Reversing Pending Identity Theft Claims - TC 972 AC 522 NORPLY or NOIDT.

  4. Supporting Documentation can be accepted from the taxpayer or someone who has power of attorney for the taxpayer (e.g., Form 2848, Power of Attorney and Declaration of Representative). Form 14039 requires a signature of the taxpayer or representative of taxpayer. See IRM 10.5.3.2.6.2, Complete and Legible Documents for additional information.

  5. Documents must be secured and handled in the same manner as other sensitive taxpayer information. Form 14039 retention will follow case retention procedures of the function working the case.

  6. The business unit function that is assigned the identity theft case (relevant open control) or issued the notice/letter relating to the identity theft (CP 2000, Audit Notice, Letter 239C, etc.) is responsible for collecting supporting documentation in a timely, accurate, and secure manner, if applicable.

  7. The individual receiving Form 14039, the police report, or correspondence alleging identity theft will acknowledge receipt within 30 days of the IRS received date.
    If you are closing the case and find there has not been an acknowledgement of receipt of Form 14039, police report, or correspondence alleging identity theft, the closing contact will act as both an acknowledgement of receipt of the taxpayer's documents and the closing contact.

    Caution:

    Exercise caution when acknowledging receipt of documentation by mail. The address on Form 14039 may be different from the address on ENMOD.

    Note:

    Taxpayer notification does not apply to employees securing documentation face to face from the taxpayer.

  8. After the receipt of the taxpayer's documentation, IRS will need to research the case to verify the taxpayer's claim. If it is later determined that identity theft did not occur, reverse the TC 971 AC 522 (see IRM Exhibit 10.5.3-13 TC 972 AC 522 - Reversal of the TC 971 AC 522).

    Note:

    A systemic notification letter that the substantiation is received is not sent to the taxpayer when an AC 522 is input. Refer to your functional IRM for the specific letter your function will use to notify the taxpayer that Form 14039 was received by the IRS. However, a systemic notification letter is sent once the case is resolved and the TC 971 AC 501 is applied to the taxpayer's account.

  9. Taxpayer accounts displaying a TC 971 AC 522 with any one of the following Tax Administration Source Codes:

    • INCOME

    • INCMUL

    • MULTFL

    • NOFR

    • OTHER


    indicate the taxpayer provided complete and legible documentation supporting identity theft for a specific tax year. See IRM 10.5.3.2.6.3, Marking Taxpayer Accounts When Accepting Identity Theft Supporting Documents.

    Caution:

    This excludes accounts marked with a TC 971 AC 522 reflecting "PPDS" as the BOD, "OPIP" as the Program, and "OTHER" as the Tax Administration Code.

    Caution:

    The submission of Form 14039 by a claimant is not proof of identity theft. Identity theft is determined only after reviewing pertinent case facts and circumstances.

  10. A taxpayer is required to provide supporting documentation to the IRS only once per incident. Any business unit that requires supporting documentation for an identity theft incident should use this documentation.

    Example:

    A taxpayer provides supporting documentation to Automated Underreporter (AUR). The next year, Automated Collection System (ACS) receives a call from the taxpayer about a balance due notice and indicates he or she does not owe because of identity theft related to the same incident reported to AUR. The taxpayer does not need to submit supporting documentation again.

  11. Supporting documentation is valid for a period of three years from the date IRS receives and processes the documentation. If the taxpayer experiences a new identity theft incident after that period, the taxpayer will need to submit new supporting documentation.

    Example:

    A taxpayer provides supporting documentation to the IRS in March 2007. The taxpayer contacts IRS in 2012 with a new incident of identity theft. The taxpayer would need to provide IRS with new supporting documentation.

    Example:

    A taxpayer’s wallet was stolen in 2009. He reported the incident to the IRS in June 2009 and provided supporting documentation. His account was marked with a TC 971 AC 504. In March 2012, the taxpayer contacts the IRS because someone else filed using his SSN. The taxpayer does NOT need to provide new supporting documentation as the current incident is within the 3 year period.

    Note:

    If the documents provided by the taxpayer were received more than three years ago but you are able to make a determination of identity theft using internal resources, do not request new documentation.

    Note:

    If the documentation received date is different from the processing date (TC 971 AC 522 date), use the most current to begin the 3 year period.

  12. Supporting documentation may be submitted for one or more tax years.

    Example:

    In April 2010, the taxpayer received an AUR notice for his 2008 tax account. The taxpayer suspects he may be a victim of identity theft because he was unable to electronically file his 2009 return (someone had already filed under his SSN). The taxpayer provides supporting documentation to the IRS in May 2010 for the years 2008 and 2009.

10.5.3.2.6.1  (01-16-2014)
When to Request Identity Theft Supporting Documents

  1. Before requesting supporting documentation review the taxpayer's account (ENMOD/IMFOLE) to determine if a TC 971 (AC 501, 504, 505, 506, or 522) identity theft indicator already exists. If any of these indicators exists, follow the chart below.

    Reminder:

    Supporting documentation is valid for 3 years. Refer to IRM 10.5.3.2.6 (11) for additional information.

  2. Reviewing ENMOD/IMFOLE is necessary to help prevent duplicative (identical) TC 971 AC 501 entries. While there may be multiple TC 971 AC 501s on an account, none should be identical, e.g., they will pertain to different tax years, arise from different tax administration sources.

    IF THEN
    ENMOD/IMFOLE does not reflect any Identity Theft Tracking Indicators Collect Supporting Documentation per IRM 10.5.3.2.6, Overview - Identity Theft Supporting Documentation. See IRM 10.5.3.2.5, Initial Allegation or Suspicion of Tax-Related identity Theft - Identity Theft Indicators.
    TC 971 AC 501 is present - Taxpayer initiated tax-related identity theft incident
    1. See IRM 10.5.3.2.6(8), 10.5.3.2.6(9), 10.5.3.2.6 10 and 10.5.3.2.6(11), Overview - Identity Theft Supporting Documents, to determine when to collect documentation from the taxpayer.

    TC 971 AC 504 with one of the following Miscellaneous Codes indicating taxpayer initiated non-tax-related identity theft incident:
    • ACCT

    • BOTH

    • INCOME

    • NKI

    1. Before requesting documentation, see IRM 10.5.3.2.6(8), 10.5.3.2.6(9), 10.5.3.2.6(10), and 10.5.3.2.6(11), Overview - Identity Theft Supporting Documents.

    TC 971 AC 505 is present

    Note:

    For more information about this indicator, see IRM 10.5.4.5.1.1, Applying Tracking Indicators to IRS Data Loss Incidents

    1. Collect supporting documentation.

    2. Notify the Identity Protection Office immediately at Outlook directory mailbox *PGLD Identity Protection Program. Send an encrypted E-mail to the Identity Protection Office with the following information: taxpayer name, SSN, supporting documentation used to substantiate theft and identity, and any other information available based on your contact with the taxpayer.

    Caution:

    Do NOT show any PII of the taxpayer on the subject line of the E-mail. Show the subject line as, "AC 501 with AC 505 on taxpayer account."

    TC 971 AC 506 is present - IRS initiated tax-related identity theft incident
    1. If you are able to make a determination of SSN ownership using internal research, do not request supporting documents.

      Note:

      If you cannot make a determination using internal research and there is a TC 971 AC 522 indicating documents were previously provided, see IRM 10.5.3.2.6(8), 10.5.3.2.6(9), and 10.5.3.2.6(10).

    TC 971 AC 522 with any of the following Administration Source Codes present:
    • INCOME

    • MULTFL

    • INCMUL

    • NOFR

    • OTHER

    • NODCRQ

    1. The taxpayer has already provided complete and legible documents. See IRM 10.5.3.2.6(9), IRM 10.5.3.2.6(10), and IRM 10.5.3.2.6(11) to determine if those documents have expired.

      Caution:

      This excludes accounts marked with a TC 971 AC 522 reflecting "PPDS" as the BOD, "OPIP" as the Program, and "OTHER" as the Tax Administration Code.

    TC 971 AC 522 with any of the following Administration Source Codes present:
    • IRSID

    • ≡ ≡ ≡ ≡

    1. If you are able to make a determination of SSN ownership using internal research, do not request supporting documents.

    TC 971 AC 522 PNDCLM is present AND there is NO TC 971 AC 522 indicating document receipt

    Exception:

    Accounts marked with TC 971 AC 522 WI SP PNDCLM. SP inputs the TC 971 AC 522 to reflect document receipt with the return.

    Collect Supporting Documentation per IRM 10.5.3.2.67, Overview - Identity Theft Supporting Documentation..

    Note:

    If the documentation is present on AMS/CIS, do NOT request the taxpayer resubmit the document. However, if no documentation is available and more than 45 days has passed since the taxpayer mailed the documents, request the taxpayer to resubmit and annotate AMS.

    Note:

    If a TC 971 AC 522 WI SP PNDCLM is present, request the original return. Identity theft documents will be attached to the return.

10.5.3.2.6.2  (01-16-2014)
Complete and Legible Documents

  1. When a taxpayer submits Form 14039, the Form 14039 and associated document(s) must be reviewed to determine if they are legible and complete.

    Note:

    An unsigned Form 14039 is considered incomplete.

  2. A document is considered legible when the following elements, as applicable to document type and IRS needs in determining the true SSN owner, are clear and easily read. Refer to IRM 10.5.3.6.2 (1), Overview - Identity Theft Supporting Documentation for types of acceptable documents.:

    • Name

    • Date of birth

    • Place of birth

    • Address

    • Date of issue

    • Expiration date

    If you have determined the documentation provided is complete and legible, initiate taxpayer contact to notify them the information requested has been received, if you have not already done so.

    Note:

    If the documentation provided is not complete or legible but you can make a determination through the use of internal research, resolve the identity theft issue. See IRM 21.6.2.3, TIN-Related Problems Research, IRM 21.6.2.4.2, Multiple Individuals Using the Same TIN, and IRM 21.6.2.4.2.3, Preliminary Research for additional information about determining SSN ownership. See IRM 10.5.3.2.11, IRS Identified Identity Theft Affecting Tax Administration - TC 971 AC 506. Do not use TC 971 AC 501 when closing unless you have complete and legible documentation.

    Note:

    If only one digit or letter is not clear on the taxpayer provided document, calling the taxpayer to verify information is acceptable.

  3. When the documentation is NOT legible/complete and:

    IF THEN
    There is an open control in another function.
    Sending Employee
    1. Input TC 971 AC 522 PNDCLM (if there is already a TC 971 AC 522 PNDCLM for the same tax year, do not input another).

    2. Forward the documentation to the employee assigned in the appropriate function.

    3. The sending employee will close their control after sending the case to the assigned (receiving) employee.


    Receiving (Assigned) Employee
    1. The receiving (assigned) employee will suspend the case and request the taxpayer provide legible and complete documentation within 30 days of the request.

    2. If the receiving (assigned) employee does not secure a taxpayer response within 45 days from the date of request, the TC 971 AC 522 PNDCLM will be reversed using TC 972 AC 522 NORPLY

    3. The receiving (assigned) employee will close identity theft issue and resolve/address remaining issues as appropriate.

    If you have an open case

    Exception:

    AM IPSU employees will begin monitoring process when Multi-Function Criteria is met. Refer to IRM 21.9.2.3.3, Tax-Related Identity Theft (IPSU Toll-Free line CSRs only).

    1. Input TC 971 AC 522 PNDCLM (if there is already a TC 971 AC 522 PNDCLM for the same tax year, do not input another).

    2. Contact the taxpayer and request the taxpayer provide legible and complete documentation within 30 days of the request.

    3. If you do not receive a taxpayer response within 45 days from the date of request, reverse TC 971 AC 522 PNDCLM using TC 972 AC 522 NORPLY.

    4. Close identity theft issue and resolve/address remaining issues as appropriate.

    There is no open control in another function.
    1. Input TC 971 AC 522 PNDCLM (if there is already a TC 971 AC 522 PNDCLM for the same tax year, do not input another).

    2. Return the documents to the taxpayer explaining what is needed.

    3. Advise the taxpayer to respond with complete legible documents within 30 days of the request.

    4. Close identity theft issue and resolve/address remaining issues as appropriate.

    Note:

    Exercise caution when contacting the taxpayer by mail. If the address on Form 14039 differs from the address on ENMOD, correspond to the address on Form 14039.

  4. Once documents have been verified as complete and legible, mark the account with a TC 971 AC 522 and the appropriate Tax Administration Source Code, see IRM 10.5.3.2.6.3, Marking Taxpayer Accounts When Accepting Identity Theft Supporting Documentation and Exhibit 10.5.3-12, TC 971 AC 522 - supporting Documentation Received by IRS.

10.5.3.2.6.3  (01-16-2014)
Marking Taxpayer Accounts When Accepting Identity Theft Supporting Documents

  1. Upon receipt of complete and legible documents, mark the taxpayer's account using Command Code (CC) REQ77 initiated from ENMOD to input a TC 971 AC 522 reflecting an appropriate Tax Administration Source Code depending upon the facts and circumstances of the case along with the tax year of the identity theft incident. See IRM Exhibit 10.5.3-12, TC 971 AC 522 - supporting Documentation Received by IRS.

  2. There are five Tax Administration Source Codes that apply when marking accounts to reflect receipt of acceptable documents.

    1. INCOME - used when income has been reported under the taxpayer's SSN without their consent or knowledge.

    2. MULTFL -used when two or more returns are filed for the same tax period under the same SSN.

    3. INCMUL - used when both INCOME and MULTFL apply.

    4. NOFR - used when the taxpayer is not required to file a return.

    5. OTHER - used when the situation does not fit any Tax Administration Source Code Type.

    Caution:

    Review the Form 14039 for the year(s) affected by identity theft. Be sure to include only those years where identity theft is suspected when marking the taxpayer's account.

  3. The TC 971 AC 522 (INCOME, MULTFL, INCMUL, NOFR, and OTHER) are only applied to a taxpayer's account when complete and legible supporting documentation has been received by the IRS.

  4. After receipt of the taxpayer's documentation, the employee assigned will need to research the case to verify the taxpayer's claim. If it is later determined that identity theft did not occur, reverse the TC 971 AC 522 (see IRM 10.5.3 - 13 TC 972 AC 522 - Reversal of the TC 971 AC 522). Follow your IRM procedures to notify the taxpayer of actions you took to resolve the issues.

  5. A systemic notification letter that the supporting documents were received is not sent to the taxpayer when an AC 522 is input. However, a systemic notification letter is sent on some identity theft cases once the case is resolved and the TC 971 AC 501 is input.

10.5.3.2.6.4  (01-16-2014)
Marking Taxpayer Accounts When Identity Theft Supporting Documents Are NOT Required (NODCRQ) - TC 971 AC 522 NODCRQ

  1. Generally, taxpayers alleging identity theft will be required to provide supporting documents. However, in situations where the taxpayer alleges identity theft and there is a posted unreversed TC 971 AC 501, AC 506, or AC 522 Source Code INCOME, MULTFL, INCMUL, NOFR or OTHER taxpayers may not be required to provide supporting documentation. In situations where identity theft is alleged or suspected and both of the following are true,

    • There is a posted/unreversed TC 971 AC 501/ 506 or TC 971 AC 522 Source Code INCOME, MULTFL, INCMUL, NOFR, or OTHER and

    • The posted transaction falls within the three year period as described in IRM 10.5.3.2.6(9) andIRM 10.5.3.2.6(10).


    You will input a TC 971 AC 522 on ENMOD containing the Administration Source Code "NODCRQ" . The Secondary Date field will reflect the tax year of the incident:

    Example:

    Ms. Taxpayer contacted the IRS on December 10, 2010, stating that in 2009 someone used her SSN to file a return. She provided ID theft documentation at that time. The account issues were resolved and a TC 971 AC 501 was posted to her Entity. In March 2011, she contacted IRS again because she was unable to file her 2010 return. The employee reviewed the account and found a prior TC 971 AC 501 within the three year period. The employee will mark the account using TC 971 AC 522 NODCRQ.


    See IRM Exhibit 10.5.3 -12, TC 971 AC 522 Tax-Related Identity Theft, Case Status (Initial Claim/Suspicion and Supporting Documents).

10.5.3.2.6.4.1  (01-16-2014)
When to Update the Victim's Address

  1. Once you have verified that you are dealing with the victim of identity theft and confirmed he/she is the SSN owner, you will need to verify that the address posted on ENMOD/IMFOLE is the correct address. When a return filed by a non SSN owner posts to an account as a TC 150, the address on ENMOD is updated to the address on that return. Therefore, it is important to make timely entity corrections to prevent the issuance of correspondence or refunds to the wrong address.

    Exception:

    Updating the address on controlled identity theft cases does not apply to telephone assistors or Field Assistance employees. Addresses are only updated by employees assigned to research and resolve identity theft cases only after an SSN determination has been made. Refer to IRM 21.6.2.4.2.1(1), Telephone Inquiries Regarding MXEN, MXSP, IDT1, IDS1, IDT3, IDS3, IDT6, IDT8, IDT9, IDS9, and Scrambled Cases, IRM 21.3.4.11.2 , Taxpayer Requests for Address Change, and IRM 21.1.3.20 , Oral Statement Authority for additional information.

  2. After confirming the person you are working with is the SSN owner, correct the address as appropriate. Refer to IRM 21.2.4.3.5 , Address Change/Correction, and to IRM 21.3.4.11.2 , Taxpayer Requests for Address Change. Correcting the address as early as possible may prevent disclosure of taxpayer information.

    Note:

    The submission of Form 14039 by a claimant is not proof of identity theft and address changes should not be based solely on receipt of this form. Form 14039 should be used in conjunction with other key information to make decisions related to verifying taxpayer information. Refer to IRM 10.5.3.2., IMF Identity Theft Research for additional information.

10.5.3.2.7  (01-16-2014)
Reversing Pending Identity Theft Claims - TC 972 AC 522 NORPLY or NOIDT

  1. There may be situations when it is necessary to reverse a pending identity theft claim.

  2. A pending identity theft claim is an account with an unreversed TC 971 AC 522 and no subsequent TC 971 AC 50X.

  3. Taxpayer Does Not Respond to Requests For Supporting Documentation - NORPLY: When a taxpayer alleges identity theft and has not provided the supporting documents requested within the prescribed time period, mark the taxpayer's account using Command Code (CC) REQ77 initiated from ENMOD to input a TC 972 AC 522 reflecting a Tax Administration Source Code NORPLY, and the tax year of the identity theft incident. See Exhibit 10.5.3 -13, TC 972 AC 522 - Reversal of TC 971 AC 522 for additional information.

    Example:

    On February 14, 2011, the taxpayer contacted SBSE Exam regarding a 2009 statutory notice of deficiency. The taxpayer claimed that he MUST be a victim of identity theft as someone else claimed his dependents. The exam employee input a TC 971 AC 522 PNDCLM to flag the account as potential identity theft and requested the taxpayer provide supporting documentation within the next 30 days. The case was put into suspense for 45 days. The taxpayer did not respond. On April 18, 2011, the exam employee reversed the pending identity theft claim using TC 972 AC 522 NORPLY and continued to work the case using normal exam procedures.

    Reminder:

    If the taxpayer does not provide supporting documentation when requested, proceed with case resolution assuming the taxpayer is not an identity theft victim.

  4. Identity Theft Did NOT Occur - NOIDT: When a taxpayer alleges identity theft and it is determined that ID theft did not occur, reverse the pending claim using Command Code (CC) REQ77 initiated from ENMOD to input a TC 972 AC 522 reflecting a Tax Administration Source Code NOIDT, and the tax year of the identity theft incident. See IRM Exhibit 10.5.3-13, TC 972 AC 522 - Reversal of TC 971 AC 522 for additional information. Follow your IRM procedures to notify the taxpayer of actions you took to resolve the issues.

    Example:

    Taxpayer asserted he might be a victim of identity theft on February 12, 2011, when he filed Form 14039 and personal identification at his local Taxpayer Assistance Center (TAC). The TAC employee verified a return was already filed for the taxpayer under his SSN and input two TC 971 AC 522s. One indicating a pending claim of identity theft (TC 971 AC 522 PNDCLM) and a second indicating the documents provided were legible and complete (TC 971 AC 522 MULTFL). The TAC employee sent the return for processing. Several weeks later, the return posted to the taxpayers account as a TC 976. On May 24, 2011, the taxpayer calls toll-free and reports he made an error on his 16 year-old son’s return. The taxpayer inadvertently used his own SSN when completing his son’s return. The son’s return is posted as the TC 150 return. No identity theft occurred. The IRS employee inputs comments on AMS and makes a referral to the employee assigned the duplicate filing (DUPF) case. The employee assigned the DUPF will reverse the TC 971 AC 522 PNDCLM from taxpayer’s account by marking the taxpayer’s account with a TC 972 AC 522 NOIDT, indicating the identity theft claim has been rescinded.

10.5.3.2.8  (01-16-2014)
Closing Identity Theft Issues

  1. Case Closure Analysis: Perform case closure analysis to ensure all identity theft related issues have been addressed and resolved. This includes but is not limited to:

    • Review both prior (a minimum of three prior years) and subsequent years for apparent evidence of unresolved identity theft issues;

      Example:

      The SSN owner filed for the first time in 2011. A review of the accounts indicates returns were filed for tax years 2009 and 2010. While the taxpayer did not include the tax years 2009 and 2010 on the Form 14039, it is clear that these years were not filed by the SSN owner.

    • Release notice or enforcement holds as appropriate;

    • Ensure the victim received their appropriate refund; And

    • Verify and update the taxpayer's address.

    • Refer issues identified during case closure analysis to another function, ONLY when you cannot resolve the case within your own function.

    • Correcting the taxpayer's address;

    • Adjusting the account to the taxpayer's figures;

    • Advising the taxpayer of actions taken; and

    • Issuing the taxpayer's correct refund.

  2. Back-End Work - The following actions are considered back-end work necessary finish case resolution after the indentity theft issues are resolved. These actions have no affect on the taxpayer (victim of identity theft).

    • Waiting for a perpetrator's return to post to an IRSN; or

    • Transferring an assessment using TC 400 procedures.

  3. The input of the AC 50X will not, in every case, coincide with the closing of the control base. There may be additional back-end work to be completed before the control base can be closed. Do not wait until all the additional back-end work is completed before inputting the protective TC 971 AC 501/506 on the taxpayer's account, for example completing TC 400 procedures.

    Caution:

    The importance of updating the address prior to inputting the TC 971 AC 501/506 cannot be stressed enough. If the address is not updated appropriately, the victim notification letter will go to the wrong address. In addition, failure to follow the appropriate sequence could result in the Identity Protection Personal Identification Number (IP PIN) being sent to the ID thief instead of the ID theft victim. Refer to IRM 10.5.3.2.156, Identity Protection Personal Identification Number (IP PIN).


    The AC 501 cannot be input until the taxpayer is no longer harmed by identity theft issues impacting tax administration. The TC 501 indicates all identity theft tax administration issues have been resolved from the taxpayer's perspective.

    Example:

    An identity thief's return posted to the victim's 2010 account first. The victim was expecting a refund for 2010. In 2007, the victim was assessed by exam for underreporting income originating from the identity theft. The victim did not have a filing requirement in 2007. Prior to marking ENMOD with a TC 971 AC 501, the employee assigned MUST:
    ENSURE the victim's address has been verified and updated on ENMOD.
    Adjust the 2010 account to the taxpayer's figures and issue a correct refund to the victim.
    Suspend all collection activity.

    Note:

    The correction of the 2007 account is considered back-end work. From the taxpayer's perspective, the account is resolved.

  4. A case control must be maintained until all back-end work is completed.

  5. Prior to moving a case into back-end casework, the outstanding issues must be cleared through the PGLD if they are not addressed in 10.5.3.2.8 (3). Your Headquarters representative from your functional area will coordinate with PGLD.

  6. The employee assigned the case will close the identity theft issue by marking the account with either a TC 971 AC 501 for taxpayer initiated identity theft supported by taxpayer provided documentation or a TC 971 AC 506 for IRS identified identity theft (no documentation required). These action codes (501 and 506) provide the taxpayer protection against future occurrences of identity theft.

10.5.3.2.9  (01-16-2014)
Closing Taxpayer Initiated Identity Theft Affecting Tax Administration - TC 971 AC 501, Documentation Provided

  1. To indicate resolution of a taxpayer initiated identity theft claim supported by documentation, mark the victim's account using Command Code (CC) REQ77 initiated from ENMOD, to input a TC 971 AC 501 reflecting an appropriate Tax Administration Source Code depending upon the facts and circumstances of the case along with the tax year of the identity theft incident. The AC 501 is applied to a taxpayer's account when all of the following occur:

    1. The identity theft incident was taxpayer initiated and supported by taxpayer documentation, or the identity theft incident was IRS identified but taxpayer documentation was required to resolve all issues.

    2. All corrective actions have been taken. This includes verifying and updating the taxpayer's address on ENMOD, as applicable (excludes back-end work, see IRM 10.5.3.2.8 (3), Closing Identity Theft Issues.

      Caution:

      Marking the account with AC 501 prior to correcting the victim's address may result in the issuance of the victim notification letter to an incorrect address and may allow an identity thief's return to post while the legitimate taxpayer's return will unpost.

      Note:

      See IRM 21.6.2.4.2, Multiple Individuals Using the Same TIN.

    3. The taxpayer's identity theft affects tax administration.

    4. The taxpayer provided complete and legible supporting documentation.

      Note:

      ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡

    5. Perform case closure analysis to ensure all identity theft related issues have been addressed and resolved. Refer to IRM 10.5.3.2.8, Closing Identity Theft issues.

    Note:

    The input of the AC 501 will not, in every case, coincide with the closing of the control base. Refer to IRM 10.5.3.2.8, Closing Identity Theft issues.

    • Verifying and updating the taxpayer's address MUST be done before inputting the TC 971 AC 501.

  2. TC 971 AC 501 can be input by any business unit delegated the authority and programmed to use this code when closing identity theft issues supported by taxpayer documentation.

    Example:

    A taxpayer contacts AUR about a CP 2000 notice. In the course of working the case, AUR determines the taxpayer is a victim of identity theft. The victim provides AUR with supporting documentation. AUR will verify the taxpayer's address, take appropriate action and close the case with a TC 971 AC 501.

  3. There can be more than one TC 971 AC 50X input or present for different functions in the same year.

    Example:

    Accounts Management (AM) determined there was a case of identity theft for 2008 based on a duplicate filing condition. AM inputs TC 971 AC 506 (no taxpayer documentation was secured) at case resolution. This will appear on the taxpayer's account as TC 971 AC 506 WI AMADJ MULTFL 12312008.
    Later that year, an Automated Underreporter (AUR) notice (CP 2000) is created for the taxpayer. The income discrepancy is due to the identity theft. When closing the AUR case, AUR inputs TC 971 AC 501 for the underreporter issue because the taxpayer provided supporting documents as requested by AUR. The account will reflect a TC 971 AC 501 WI AUR INCOME 12312008, resulting in two TC 971 AC 50Xs for different functions during the same year.

  4. There can be more than one TC 971 AC 501 input or present for different tax years by the same business function.

    Example:

    A taxpayer provides supporting documentation for identity theft after his or her tax year 2005 electronic return was rejected due to a duplicate filing. At case resolution, a TC 971 AC 501 was placed on the account. The following tax year (2006), there is another duplicate filing on this SSN. Another TC 971 AC 501 would be placed on the taxpayer’s account for tax year 2006, ENMOD/IMFOLE will reflect a TC 971 AC 501 for 2005 and 2006.

  5. If the taxpayer during his/her initial inquiry stated more than one tax year was affected by identity theft, the function working the taxpayer's issue will review the entity to ensure accounts marked with a TC 971 AC 522 have been resolved. If more than one year is affected by identity theft and resolved, the employee will enter the corresponding TC 971 AC 50X for each year. However, if it is determined that a tax-related identity theft did not occur in one of the previously reported tax years, the employee would reverse the TC 971 AC 522 using the appropriate reversal code, see IRM 10.5.3.2.7, Reversing Pending Identity Theft Claims - TC 972 AC 522 NORPLY or NOIDT.

10.5.3.2.9.1  (01-16-2014)
Actions Taken After TC 971 AC 501 Placed on Account

  1. Notice CP 01, Identity Theft Claim Acknowledgment, is used for victim notification on identity theft issues closed with a TC 971 AC 501. CP 01 systemically generates between 2 and 12 posting cycles after the TC 971 AC 501 is input, depending upon when the taxpayer's account adjustment is completed. CP 01 contains the following information:

    1. Confirmation that the supporting documentation was received and accepted

    2. Information about how the IRS will monitor the taxpayer's account and income tax returns

    3. Information about identity theft prevention and available identity theft-related resources

    Note:

    Letter 4445 C, Acknowledgement Notification, was previously used for victim notification for TC 971 AC 501s input through June 30, 2009. Letter 4445 C may be used in those instances where taxpayers indicate they never received Notice CP 01.

    Note:

    A Notice CP 01, is not applicable to, and does not systemically generate when a TC 971 AC 506 is applied to a taxpayer's account.

  2. The taxpayer should continue to file tax returns each tax year, as appropriate.

  3. ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡
    ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡

  4. The presence and date of the TC 971 AC 501 on an account should be used as a data point, along with other key information, to make case-related decisions. The existence of the identity theft indicator should not supersede or replace existing procedures for case resolution.

  5. ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡

10.5.3.2.9.2  (01-16-2014)
Manually Reversing TC 971 AC 501

  1. In some instances, it may be necessary to manually reverse TC 971 AC 501. Reversal may be necessary because of any of the following reasons:

    1. TPRQ- The taxpayer requests reversal.

    2. IRSERR- There was a keying or internal error in the input of the TC 971 AC 501.

    3. FALSE- The original identity theft claim was fraudulent.

    4. IRSADM- The TC 971 AC 501 has an internally identified negative affect on the taxpayer.

    5. OTHER- There are other reasonable circumstances not listed above.

    Note:

    Be sure to select the correct code. If codes a-d above are not applicable, use OTHER.

  2. Actions needed prior to manually reversing an identity theft marker at the taxpayer’s request:

    1. If this is a telephonic request, be certain that you are speaking with the taxpayer. Inadequate authentication of the identity of a caller could result in an unauthorized disclosure of return or return information. Refer to IRM 21.1.3.2.3, Required Taxpayer Authentication and IRM 21.1.3.2.4, Additional Taxpayer Authentication.

    2. Ask probing questions to determine why the taxpayer is requesting indicator removal and document AMS, or the case history if you do not have access to AMS, with the taxpayer’s response. For example, can you provide the reason why you would like this protection removed from your account?

    3. Explain to the taxpayer the indicator will:
      Help prevent future identity theft incidents;
      Ensure any returns filed are reviewed for identity theft indications; and
      Include the issuance of an IP PIN for as long as the indicator remains active.

    4. If the taxpayer insists on removal of the identity theft indicator after you have explained the benefits, review the account to determine if the identity theft issue is open in another function. If there is an open identity theft case, refer the case to that function using your normal referral procedures. Do not take actions on identity theft cases being worked by another function.

10.5.3.2.10  (01-16-2014)
IMF Identity Theft Worked by Certain Functions

  1. Functional employees assist taxpayers who are, or may become, victims of identity theft. Some functions have unique procedures for identity theft case resolution.

10.5.3.2.10.1  (01-16-2014)
The Identity Protection Specialized Unit (IPSU) and Referrals to Other Functions on Form 14027-B

  1. The Identity Protection Specialized Unit (IPSU) in Wage & Investment, Accounts Management, was established on October 1, 2008, to assist taxpayers who are, or may become, victims of identity theft. Part of IPSU's responsibilities include monitoring taxpayer cases that are open in more than one IRS function. Refer to IRM 10.5.3.2.10.1.1, IPSU Monitoring Multiple Function Criteria (MFC) Accounts for additional information on the monitoring process. The IPSU will refer cases via Form 14027-B,Identity Theft Case Referral, to other functions when an individual with a tax-related identity theft issue has called the IPSU. The form is used to notify functions that an IPSU caseworker will be monitoring case activity and following up on a regular basis. Form 14027-B will be routed through designated Identity Theft Liaisons (see SERP/Who/Where - Identity Theft Liaisons - Functional) and forwarded to functional employees. Refer to IRM 21.9.2.4.1, Self Identified - Non-Tax-Related Identity Theft - (Andover and Fresno IPSU only)

    Note:

    In situations where IPSU receives a complete and legible Form 14039, the IPSU employee will mark the taxpayer's account to reflect documentation receipt. However, if IPSU did not receive Form 14039 or if the Form 14039 was incomplete or illegible, the function receiving Form 14027-B is responsible for securing Form 14039 and supporting documents from the taxpayer.

  2. See IRM 21.9.2.2, Identity Theft-Expanded Procedures and IRM 10.5.3.2.10.1.1, IPSU Monitoring Multiple Function Criteria (MFC) Accounts for additional information regarding the duties and responsibilities of the IPSU, including the monitoring of identity theft cases with open controls referred from the IPSU to other functions.

10.5.3.2.10.1.1  (01-16-2014)
IPSU Monitoring Multiple Function Criteria (MFC) Accounts

  1. IPSU will monitor taxpayer accounts affected by identity theft when resolution requires actions/resolution by multiple IRS functions. Multiple Function Criteria (MFC) is defined as an identity theft case requiring resolution across functions. Refer to IRM 21.9.2.4.2, Tax-Related Identity Theft - (Andover and Fresno IPSU only) for additional information.

  2. When a function is working to resolve a tax related IDT issue involving only their function, and they identify a second issue that will require crossing functional lines for resolution, an IDT referral Form 14027-A must be completed and forwarded to IPSU to begin monitoring. The originating function will be required to continue with their function's procedures to resolve the tax related IDT issue. Refer to IRM 10.5.3.2.3, Multiple Function Criteria (MFC) Cases requiring referral to IPSU for Monitoring.

  3. Once IPSU confirms the referral meets MFC, IPSU will initiate the monitoring process. IPSU will issue the Form 14027 B per IRM 21.9.2.4.2. IPSU will place a monitoring control on the taxpayer’s accounts to ensure that all taxpayer issues have been resolved prior to case closure. Additionally, IPSU will issue a reminder e-mail to the functional employee on the 165th of the case (based on the IRS received date of the case) that either an interim or closing letter is required. Refer to IRM 21.9.2.4.2 (9) for additional information.

    Caution:

    If the case meets ITAR criteria, see IRM 10.5.3.2.10.1.3, Functional Responsibilities Regarding Referrals Meeting TAS Criteria 5-7, Identity Theft Assistance Requests (ITAR) to the IPSU

  4. Once all IDRS controls have closed and the tax-related issues are resolved in all functions, IPSU will perform a global account review to ensure that all taxpayer issues were resolved by the responsible functions. For additional information refer to IRM 21.9.2.6, Global Review.

  5. Form 14027-B Functional Responsibility - When functional employees receive a Form 14027-B from their functional liaison, they are responsible for all of the following:

    • Acknowledging receipt of the form by filling out Section V on page 2 of the form and notating receipt of Form 14027-B on IDRS or AMS.

      Exception:

      SB Field Examiners do not use IDRS nor AMS. These examiners use their normal case history worksheet to notate receipt of Form 14027-B.

    • Providing status updates to the taxpayer (interim letters or phone calls);

    • Recording periodic history entries (every 60 days) on IDRS or AMS;

    • Returning the form to the IPSU caseworker upon resolution of the case through your liaison; And

      Note:

      If the case received in the unit is forwarded to another function for action, functional employees will return Form 14027-B, with section VI completed, to the IPSU identity theft caseworker through their liaison.

    • When the case is resolved by the responsible function and the control is closed, the functional employee will complete Form 14027-B through Section VIII and return it to the IPSU through their liaison.

10.5.3.2.10.1.2  (01-16-2014)
The Identity Protection Specialized Unit (IPSU) and Referrals to Other Functions on Form 14103

  1. When functional employees receive a Form 14103, Identity Theft Assistance Request (ITAR), from the IPSU, functional employees will take the following actions:

    1. Acknowledge receipt of identity theft cases referred using Form 14103 within 5 business days via secured E-mail or fax number provided by the AM IPSU employee on the Form 14103, Section II, Box 3.

    2. Process identity theft cases referred using Form 14103 as priority.

    3. Review Section IV, Specific Assistance Requested, and determine whether the recommended action is appropriate and the requested completion date is reasonable.

      Reminder:

      Be sure to contact IPSU prior to the expiration of the negotiated completion date. If the negotiated completion date entered on box 3 and 4 in Section IV has elapsed, then a status update and new completion date must be provided to AM IPSU. Refer to IRM 21.9.2.9.1, Identity Theft Assistance Request (ITAR) - AM IPSU only for additional information on negotiating completion dates.

    4. Contact the IPSU employee shown in Section II if there are questions regarding the recommended action or if additional time is required. The function and IPSU employees should reach an agreement on the substantive case issues, recommended actions, and follow-up and completion dates.

    5. Provide the taxpayer with the required interim updates and official closing documents as directed in their IRM and provide copies to the AM IPSU Caseworker.

    6. The function employee/liaison will return the Form 14103 to the IPSU CSR with Section V and VI completed via CIS or fax when CIS is not available.

      Note:

      Refer to IRM 21.9.2.9, Identity Theft Assistance Request (ITAR) - General Information for further information regarding the Identity Theft Assistance Request.

10.5.3.2.10.1.3  (01-16-2014)
Functional Responsibilities Regarding Referrals Meeting TAS Criteria 5-7, Identity Theft Assistance Requests (ITAR) to the IPSU

  1. As part of the Identity Theft Program, the AM IPSU Team will generally assist taxpayers whose situations meet TAS criteria 5 - 7 AND involve identity theft. Applicable cases will now be considered IPSU criteria and MUST be referred to AM IPSU. See IRM 21.9.2.9, Identity Theft Assistance Request (ITAR) - General Information and IRM 13.1.16.9.7.1, Criteria 5-7 Identity Theft Cases Eligible for Referral to Identity Protection Specialized Unit (IPSU) for additional information.

  2. Review ENMOD/IMFOLE to determine if the tax year in question has already been marked with a TC 971 AC 522. If the account has not been flagged with an identity theft tracking indicator, mark the account as appropriate. See IRM 10.5.3.2.5, Initial Allegation or Suspicion of Tax Related identity Theft - Identity Theft Indicators, and IRM 10.5.3.2.6, Identity Theft Supporting Documentation, for assistance in determining the correct identity theft tracking indicator.

  3. Notify the taxpayer by sending Letter 86 C, Referring Taxpayer Inquiry/Forms to Another Office, or other applicable letter to inform the taxpayer he/she can expect contact from the IPSU within 7 business days from the date of receipt.


More Internal Revenue Manual